Total
93235 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7003 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-7368 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273352. | |||||
| CVE-2024-7353 | 2024-08-07 | N/A | 5.4 MEDIUM | ||
| The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-7466 | 1 Pmweb | 1 Pmweb | 2024-08-06 | 3.3 LOW | 5.4 MEDIUM |
| A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application Firewall. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273559. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5963 | 2024-08-06 | N/A | 6.7 MEDIUM | ||
| Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. | |||||
| CVE-2024-41820 | 2024-08-06 | N/A | 6.0 MEDIUM | ||
| Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-25948 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | |||||
| CVE-2024-25947 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | |||||
| CVE-2024-38489 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
| Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | |||||
| CVE-2024-38490 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | |||||
| CVE-2024-38481 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | |||||
| CVE-2024-39661 | 2024-08-02 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4. | |||||
| CVE-2024-39655 | 2024-08-02 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.77. | |||||
| CVE-2024-39665 | 2024-08-02 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.This issue affects Filter & Grids: from n/a through 2.9.2. | |||||
| CVE-2024-39630 | 2024-08-02 | N/A | 5.5 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13. | |||||
| CVE-2024-38772 | 2024-08-02 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7. | |||||
| CVE-2024-39660 | 2024-08-02 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.This issue affects Photo Engine: from n/a through 6.3.1. | |||||
| CVE-2024-39648 | 2024-08-02 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5. | |||||
| CVE-2024-41951 | 2024-08-01 | N/A | 4.4 MEDIUM | ||
| Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages are visible in code. The Problem was patched in 0.2.4. | |||||
| CVE-2024-39318 | 2024-08-01 | N/A | 5.4 MEDIUM | ||
| The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the upload. In effect, an attacker will have to trick an editor/administrator into uploading a strangely named file. | |||||